/usr/share/doc/libgnutls11/NEWS.gz

Version 1.0.16 (10/07/2004)
- Do not free the SRP (prime and generator) parameters obtained from the
callback if they are the static ones defined in extra.h.
- Eliminated some memory leaks. Reported by Yoann Vandoorselaere.
- Some fixes in the makefiles.
Version 1.0.15 (29/06/2004)
- Fixed bug in RSA encryption, report and patch by Martijn Koster
<mak@greenhills.co.uk>.
- Corrected a bug in
more»

/usr/share/doc/libgnutls11/changelog.Debian.gz

gnutls11 (1.0.16-13.2sarge2) stable-security; urgency=high
* Pulled from upstream 1.4.2-->1.4.4:
Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto
06 rump session attack. See
<http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is
not exactly the same as the problem we fix here). Reported by Yutaka
OIWA <y.oiwa@aist.go.jp>.
more»